Cybercrime: The Underground Economy

The success of any industry is reliant on its economics. Cybercrime is no different, maintaining its own economy of commoditized products and services.

The success of an industry is reliant on its economics – the production, allocation and use of its goods and services. Cybercrime, like any other industry or business, maintains its own economy of commoditized products and services.


Products

The products of the cybercrime economy, similar to any other product in any other industry, benefit both the sellers and the buyers. The sellers benefit from quick and discreet payout and the buyers benefit from “out of the box” malicious operations that can be implemented immediately. These products can be broken down into two main categories: information and resources.

Information includes commodities such as:

  • Stolen personally identifiable information (PII): This includes everything from mass email lists used by spammers to full identity theft packages to commit financial fraud.
  • Exfiltrated organizational information: This includes intellectual capital/property, nonpublic internal data and internal operational details.
  • Harvested authentication credentials: Stolen username and password combinations continue to present a significant risk, especially when the same credentials are re-used across multiple sites.
  • Pilfered financial data: Unauthorized withdrawals from accounts or charges against credit lines continue to plague account holders. 

Resources include such elements as:

  • Access to feature-rich malware: Malware across varying capabilities (e.g., information stealers, remote administration tools – RATs, ransomware, purpose-built utilities) that demonstrates consistent results and avoids source code leakage can generate significant revenue for associated authors and distributors.
  • Purchase of system or software exploits: While many white hats elect to support bug bounty initiatives by vendors, there remains a lucrative underground market for reliable, unpatched exploits.
  • Transfer of control for previously compromised machines: This usually applies to always-on servers that can then be used as attack platforms or sold for the information they store.
  • Malicious actor training: Training is offered through guidebooks or tutorials on effective tool usage and specific tactics, techniques and procedures (TTPs).

Services

The services offered within the cybercrime economy utilize a leasing structure, in which access to a product is promised at a set rate for a fixed period of time. The sellers benefit from a guaranteed source of recurrent revenue throughout an extended period of time, and buyers benefit from the continued availability and performance of malicious tools.

These services include offerings such as:

  • Distributed denial of service (DDoS): These are botnet-powered attacks that affect the availability of targeted servers and capabilities.
  • Exploit kits (EKs): As part of the service offering, exploit kits are typically leased with a monthly rate for access to the exploit toolkit, allowing for customized end payloads.
  • Infrastructure rental: These include hosting services for attack platforms, malware updates, configuration, command and control (C2), and other attack lifecycle functions.
  • Money laundering: The transfer (“money muling”) of illegally obtained funds through accounts and mechanisms in money haven countries remains a key service.

Read our blog series Exploring the Cybercrime Underground to learn more.

© 2021 Palo Alto Networks, Inc. All rights reserved.